The current validation in JavaScript is insufficient and also produces
an incorrect error message, restricting the size parameter to 32-bit
values, whereas the C++ backend restricts the size parameter to the
positive range of an int.
This change tightens the validation in JavaScript and adapts the error
message accordingly, making the validation in C++ superfluous.
Refs: https://github.com/nodejs/node/pull/42207
PR-URL: https://github.com/nodejs/node/pull/42234
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
The last release line that did not support the new openssl list command
was OpenSSL 1.1.0, which reached its end-of-life status years ago.
PR-URL: https://github.com/nodejs/node/pull/42235
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Mestery <mestery@protonmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Emulate the WHATWHG URL parse behavior of trimming leading and trailing
C0 control characters. This moves url.parse() slightly closer to
WHATWHG URL behavior. The current behavior is possibly insecure for some
uses. (The url.parse() API is marked as Legacy and the documentation
specifically says it has known bugs and insecure behaviors. Still this
change makes a lot of sense.)
This issue was reported by P0cas. https://github.com/P0cas
PR-URL: https://github.com/nodejs/node/pull/42196
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Mestery <mestery@protonmail.com>
Reviewed-By: Anto Aravinth <anto.aravinth.cse@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
If `ccache` is available, use it during V8 builds on ppc64le and s390x.
Only create the `gcc` and `g++` shims if necessary.
PR-URL: https://github.com/nodejs/node/pull/42204
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
The function generating fingerprint strings never accesses more than
EVP_MAX_MD_SIZE * 3 characters, including the terminating '\0'.
PR-URL: https://github.com/nodejs/node/pull/42175
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/42153
Reviewed-By: Mestery <mestery@protonmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Updated docs to reflect current behaviour of readline:
final line of input will be emitted via `'line'` event
when input stream `'end'` event is emitted even when
the input is not newline terminated.
Refs: https://github.com/nodejs/node-v0.x-archive/issues/7238
PR-URL: https://github.com/nodejs/node/pull/42214
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Fix unchecked return warning from coverity in
src/env.cc. Added check in same manner as other
places where uv_async_init is called.
Signed-off-by: Michael Dawson <mdawson@devrus.com>
PR-URL: https://github.com/nodejs/node/pull/42176
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
- update the messages to reflect additional
bikeshedding that took place when action
was implemented in
https://github.com/nodejs/node/blob/master/.github/workflows/close-stale-feature-requests.yml.
- fix links to this document in messages as
we moved the contributing docs location.
Signed-off-by: Michael Dawson <mdawson@devrus.com>
PR-URL: https://github.com/nodejs/node/pull/42217
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Mestery <mestery@protonmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Using `file://${path}` does not properly escape special URL characters.
PR-URL: https://github.com/nodejs/node/pull/41758
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Not all environment returns 'Central European Summer Time', 'British
Summer Time' and 'Coordinated Universal Time'. E.g. Some environment
like Chinese returns '中欧夏令时间', '英国夏令时间' and '协调世界时'.
PR-URL: https://github.com/nodejs/node/pull/42113
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Mestery <mestery@protonmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Akhil Marsonya <akhil.marsonya27@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
The shortened link to the commit message guidelines no longer works
after they were moved from `docs/guides` to `docs/contributing`. Now
that `core-validate-commit` outputs an error message pointing to the
full URL of the commit message guidelines on failure we no longer need
to include the URL (shortened or otherwise) in the workflow title.
PR-URL: https://github.com/nodejs/node/pull/42168
Refs: https://github.com/nodejs/core-validate-commit/pull/95
Refs: https://github.com/nodejs/node/issues/41697
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Mestery <mestery@protonmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
It was suggested to me that adding the next-10
effort to the strategic initiatives would be a good
way to keep the TSC up to date an in the loop on
the effort.
Signed-off-by: Michael Dawson <mdawson@devrus.com>
PR-URL: https://github.com/nodejs/node/pull/42167
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
Reviewed-By: Danielle Adams <adamzdanielle@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Mestery <mestery@protonmail.com>
Make url.parse() behave more like browsers and WHATWHG URL when dealing
with URLs that of the format `http:@example.com`. This is the same as
`http://example.com`.
This issue was reported by P0cas. https://github.com/P0cas
PR-URL: https://github.com/nodejs/node/pull/42136
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
This function is never called with md_size == 0, and it would make no
sense to do so in the future either.
PR-URL: https://github.com/nodejs/node/pull/42145
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Coverity correctly reported that the value returned
by BIO_get_mem_data could be negative and the type
provided for the return value was unsigned.
Fix up the type and check.
Signed-off-by: Michael Dawson <mdawson@devrus.com>
PR-URL: https://github.com/nodejs/node/pull/42135
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
The event "V8.GCScavenger" is soon to be deprecated. Most of V8
trace events are either behind flags and disabled by default, or
are emitted infrequently. Instead of replacing "V8.GCScavenger"
with some other random event, this patch updates the tests to
check that there is some event in the category "v8" whose name
starts with "V8.".
PR-URL: https://github.com/nodejs/node/pull/42120
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Mestery <mestery@protonmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
The ecosystem security program via HackerOne is no longer a thing.
Remove mention of it from SECURITY.md.
PR-URL: https://github.com/nodejs/node/pull/42144
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Mestery <mestery@protonmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Danielle Adams <adamzdanielle@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Set the limit to match the number used in the
close stalled action. Required as not all eligeable
stale features are being processed.
Signed-off-by: Michael Dawson <mdawson@devrus.com>
PR-URL: https://github.com/nodejs/node/pull/42130
Reviewed-By: Mestery <mestery@protonmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/42097
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
The USE macro indicates that a value is intentionally ignored. Instead,
CHECK that the function succeeds.
PR-URL: https://github.com/nodejs/node/pull/42103
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
